[Firehol-support] Firehol Status?

Costa Tsaousis costa at tsaousis.gr
Mon Dec 11 18:15:15 CET 2006


firehol firehol wrote:
> Hello, Everyone:
>
> I've been looking at firehol to configure the firewalls on my machines.
>
> Is firehol still under active support and bugfixes?
>
It is, although my time is very limited and I prefer not to make any new 
releases due to the support effort they require.
The CVS version however should be stable (more stable than the last 
release).
> I ask because I'm not sure firehol's configurations work correctly 
> for DNS and email servers.
>
> When I use a config file like shown below, I found that packets 
> returning from DNS requests were sometimes being blocked, and incoming 
> connections to port 25 were also sometimes blocked. (Even when all 
> rules had 'client all accept' and 'server all accept'.)
FireHOL relies on the iptables connection tracker. The connection 
tracker may drop reply packets sent by servers due to its internal 
timeout. Another possible cause of valid packets being dropped is the 
protection limits set in firehol.conf.
> Do people use this firewall on real, working mail and DNS servers?  Am 
> I making some sort of mistake in my configs? I would love to get 
> firehol working for my purposes.
I use it in a data center with several hundred Linux machines, 
including high-performance DNS and mail servers.
I am sure lots of other people are using it in a similar way without 
problems.

Costa
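The two causes named in the reply (conntrack dropping a late DNS reply, and the protection limits dropping otherwise valid SMTP packets) leave different traces in the kernel log once FireHOL's drop rules are logging. The script below is an added example, written for this archive page and not part of the thread or of FireHOL itself: it sorts iptables LOG lines into those symptoms. The "IN-internet:" log prefix, the host name "mx", the addresses (documentation ranges) and the six log lines are constructed for illustration, and the classification rules are my heuristics, not FireHOL's logic.

```python
"""Sort iptables LOG drops into the failure modes discussed above:
DNS replies and SMTP traffic blocked on a FireHOL-managed host.

Added example, not FireHOL's own tooling. The log prefix, host name,
addresses and sample lines are constructed; the classification rules
are heuristics, not FireHOL's logic.
"""
import re
from collections import Counter

# iptables' LOG target writes TCP flags as bare tokens between the key=value pairs.
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# syslog timestamp, host, "kernel:", an optional log prefix, then the IN=... body.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:\s*"
    r"(?P<prefix>.*?)(?P<body>IN=.*)$"
)

# Constructed sample. "IN-internet:" is an assumed prefix (FireHOL's real
# prefixes may differ); 198.51.100.25 plays the DNS/mail host.
SAMPLE_LOG = """\
Dec 11 18:10:02 mx kernel: IN-internet:IN=eth0 OUT= SRC=192.0.2.53 DST=198.51.100.25 LEN=120 TTL=56 ID=0 DF PROTO=UDP SPT=53 DPT=34567 LEN=100
Dec 11 18:10:02 mx kernel: IN-internet:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.25 LEN=60 TTL=51 ID=4711 DF PROTO=TCP SPT=44210 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 11 18:10:02 mx kernel: IN-internet:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.25 LEN=60 TTL=51 ID=4712 DF PROTO=TCP SPT=44211 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 11 18:10:02 mx kernel: IN-internet:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.25 LEN=60 TTL=51 ID=4713 DF PROTO=TCP SPT=44212 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 11 18:10:05 mx kernel: IN-internet:IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.25 LEN=52 TTL=49 ID=9001 DF PROTO=TCP SPT=51000 DPT=25 WINDOW=229 RES=0x00 ACK URGP=0
Dec 11 18:10:07 mx kernel: IN-internet:IN=eth0 OUT= SRC=203.0.113.20 DST=198.51.100.25 LEN=40 TTL=44 ID=1 PROTO=TCP SPT=6000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
"""


def parse_line(line):
    """Return {"ts", "prefix", "fields", "flags"} for one LOG line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    body = m.group("body")
    # The payload LEN= comes after the header LEN=, so it wins in the dict.
    fields = dict(re.findall(r"(\w+)=(\S*)", body))
    flags = {tok for tok in body.split() if tok in TCP_FLAGS}
    return {
        "ts": m.group("ts"),
        "prefix": m.group("prefix").strip().rstrip(":"),
        "fields": fields,
        "flags": flags,
    }


def classify(event):
    """Map one dropped packet to the symptom it produces on a DNS/mail host."""
    f, flags = event["fields"], event["flags"]
    proto, spt, dpt = f.get("PROTO"), f.get("SPT"), f.get("DPT")
    if proto == "UDP" and spt == "53":
        # A reply to a query this host sent. It is only dropped when conntrack
        # no longer holds the outgoing query's entry (timeout expired, or the
        # table was full); a 'client dns accept' rule cannot help at that point.
        return "dns-reply-dropped"
    if proto == "TCP" and dpt == "25":
        if "SYN" in flags and "ACK" not in flags:
            # New inbound mail connection refused: no server rule matched,
            # or the SYN hit a flood/rate limit.
            return "smtp-syn-dropped"
        # Data or ACK of a connection conntrack no longer treats as
        # ESTABLISHED: a TCP timeout expired or the state table was full.
        return "smtp-midstream-dropped"
    return "other"


def summarize(log_text, syn_burst_threshold=3):
    """Count drops per symptom and flag sources whose SYNs to port 25 were
    dropped in a burst within one second (a rate limit, not a policy gap)."""
    counts = Counter()
    syn_per_src_second = Counter()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        kind = classify(event)
        counts[kind] += 1
        if kind == "smtp-syn-dropped":
            syn_per_src_second[(event["fields"]["SRC"], event["ts"])] += 1
    bursts = sorted(
        (src, ts, n)
        for (src, ts), n in syn_per_src_second.items()
        if n >= syn_burst_threshold
    )
    return {"counts": counts, "syn_bursts": bursts}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for kind, n in sorted(result["counts"].items()):
        print(f"{n:4d}  {kind}")
    for src, ts, n in result["syn_bursts"]:
        print(f"burst: {n} SYNs to port 25 from {src} dropped at {ts}")
```

Feed it the kernel log of the affected host instead of SAMPLE_LOG. A "dns-reply-dropped" entry whose reply arrived more than the conntrack UDP timeout after the query (30 seconds by default; ip_conntrack_udp_timeout under /proc/sys/net/ipv4/netfilter/ on the 2.6 kernels of the period, nf_conntrack_udp_timeout on current ones) is the timeout case from the reply; a burst of "smtp-syn-dropped" entries from one source within a single second points at the protection limits rather than at a missing server rule.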
